Linux Server Failure / Lockup.

[drucej31]

Hi All

We've got a Linux Redhat 7.3 server, it basically locked up again over the weekend.. I've posted a thread some 6 weeks ago.. and thought it may be IP chains related.. but unfortunately it's back again..

What in effect happens is the server is receiving huge amounts of data / packets from within the network subnet and locks the box up unable to get console access or ssh access into the server.. Similar to a denial of service attack..

Now the box itself is just a simple webserver running Apache / MySQL / Mod-SSL / Ip chains.. It's heavily bolted down with public / private key pair access only etc.

Ended up having to reboot the box manually.. in the /var/adm/messages file we found a number of these error messages..:-

ip_conntrack: table full, dropping packet

and significant volumes of these messages:-

Nov 10 04:05:39 actionaid2 kernel: TCP Dropped IN=eth0 OUT= MAC=00:50:8b:ec:9d:e8:00:04:c1:6d:a9:00:08:00 SRC=65.122.105.2 DST={our server ip} LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=10694 DF PROTO=TCP SPT=56928 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0

Does anyone have ideas on what might be causing it.. Having rebooted it has initially solved the immediate problem but concerned it may return..

Thanks in advance.
J.

 

[Morsing]

Looks like your IP-stack is too small or your window size is too small. You can't change these on the fly in Linux, so you need to recompile you kernel and have a look at these options in the networking part.

Cheers Henrik Morsing
IBM Certified AIX 4.3 Systems Administration